request #10181: Domain name equivalence is not verified properly in the CSRF protection of the REST API
When checking the equivalence of domain names, the comparison must be case independent and take care of internationalized domain names [1].

[1] https://tools.ietf.org/html/rfc5890#section-2.3.2.4

Change-Id: I5d30152f923c9e81aa93cb74015897ba2d70c7eb
Modified Files
Status | Name | Added | Removed |
---|---|---|---|
M | src/common/REST/GateKeeper.class.php | +2 | −2 |
M | tests/simpletest/common/REST/GateKeeperTest.php | +28 | −1 |
M | tools/rpm/tuleap.rhel6.spec | +1 | −1 |
M | tools/rpm/tuleap.rhel7.spec | +1 | −1 |
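
The comparison rule stated in the commit message, shown as an added example that is not Tuleap's GateKeeper code: both host names are converted to their IDNA A-label (Punycode) form and lower-cased before being compared. The function names and sample hosts are constructed for illustration, and the PHP intl extension is assumed for `idn_to_ascii()`.

```php
<?php
// Added example, not Tuleap code. Function names and sample hosts are constructed.
// Requires the intl extension (idn_to_ascii); this file must be saved as UTF-8.

/** Canonical host: IDNA A-label (Punycode) form, lower-cased; null if invalid. */
function canonical_host(string $host): ?string
{
    if ($host === '') {
        return null;
    }
    $ascii = idn_to_ascii($host, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
    return $ascii === false ? null : strtolower($ascii);
}

/** True when the host part of $url names the same domain as $server_host. */
function url_host_matches(string $url, string $server_host): bool
{
    $url_host = parse_url($url, PHP_URL_HOST);
    if (! is_string($url_host)) {
        return false; // no host or unparsable URL: refuse rather than guess
    }
    $a = canonical_host($url_host);
    $b = canonical_host($server_host);
    return $a !== null && $a === $b;
}

// Constructed samples: [URL from the request, configured server host, expected]
$samples = [
    ['https://example.com/api/projects',     'example.com',    true],
    ['https://Example.COM/api/projects',     'example.com',    true],
    ['https://xn--bcher-kva.example/api',    'bücher.example', true],
    ['https://XN--BCHER-KVA.example/api',    'BÜCHER.example', true],
    ['https://example.com.other.test/api',   'example.com',    false],
    ['not a url',                            'example.com',    false],
];

foreach ($samples as [$url, $host, $expected]) {
    // Byte-for-byte comparison, shown for contrast with the normalized one.
    $naive = parse_url($url, PHP_URL_HOST) === $host;
    $fixed = url_host_matches($url, $host);
    printf(
        "%-38s vs %-15s naive=%-5s normalized=%-5s expected=%s\n",
        $url, $host,
        var_export($naive, true), var_export($fixed, true), var_export($expected, true)
    );
}
```

The byte-for-byte column differs from the normalized one on the mixed-case and internationalized rows, which are the two cases the commit message names.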